String safety (#1548)

* Array size UB fixes

* Fix ShieldD

* Remove (almost) all unsafe strcpy calls

Bunch of macros. C arrays are easy enough and just need a different call. For various cases where a char* is passed around bare, I've made a TEXT_SPAN macro that can store a length too for bounds checking.

* Move crash handling in safe string operations to separate TU

* strcat safe version

* sprintf made safe too

* Fix compile
This commit is contained in:
Pieter-Jan Briers
2026-05-24 18:43:00 +02:00
committed by GitHub
parent af162bbd0a
commit a6376368ee
100 changed files with 781 additions and 546 deletions
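The commit message describes replacing bare `strcpy` calls with a bounded macro and carrying a length alongside a `char*` for bounds checking. The following is an added C illustration of that pattern, written for this page and not taken from the project: `text_span`, `safe_strcpy_bounded`, `copy_ok` and `copy_matches` are hypothetical names, and the signed `long` size parameter mirrors the `s32 bufferSize` visible in the `fetchVolumeName` hunk below, so that a zero or negative size is rejected rather than converted to a huge unsigned value.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical span type: a pointer plus an explicit length, so callers can
 * bounds-check without relying on a NUL terminator being in range. */
typedef struct {
    const char *data;
    size_t len;
} text_span;

static text_span span_from_cstr(const char *s) {
    text_span t = { s, strlen(s) };
    return t;
}

/* Bounded copy (hypothetical, in the spirit of a SAFE_STRCPY_BOUNDED macro).
 * dst_size is signed on purpose: a zero or negative size is an error, not a
 * wrap-around. On failure dst is left as an empty string when it can be.
 * Returns 1 on success, 0 on failure. */
int safe_strcpy_bounded(char *dst, long dst_size, text_span src) {
    if (dst == NULL || dst_size <= 0) {
        return 0;                          /* nothing safe to write */
    }
    if (src.len + 1 > (size_t)dst_size) {  /* need room for the NUL too */
        dst[0] = '\0';
        return 0;
    }
    memcpy(dst, src.data, src.len);
    dst[src.len] = '\0';
    return 1;
}

/* Scratch buffer shared by the two helpers below so a test can ask for the
 * outcome of a copy without owning the buffer itself. */
static char scratch[16];

/* Attempt to copy src into the scratch buffer while claiming it has
 * `reported_size` bytes (clamped to the real size). Returns the status. */
int copy_ok(long reported_size, const char *src) {
    if (reported_size > (long)sizeof scratch) {
        reported_size = (long)sizeof scratch;
    }
    memset(scratch, 'X', sizeof scratch);  /* poison so stale data is visible */
    scratch[sizeof scratch - 1] = '\0';
    return safe_strcpy_bounded(scratch, reported_size, span_from_cstr(src));
}

/* After copy_ok(): 1 if the scratch buffer now holds exactly `expected`. */
int copy_matches(const char *expected) {
    return strcmp(scratch, expected) == 0;
}
```

The root-path case from the hunk below needs a buffer of at least two bytes ("/" plus the terminator); the helpers make it easy to see that a one-byte or negative size fails cleanly instead of overrunning.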
+3 -2
@@ -4,10 +4,11 @@
#define MSL_USE_INLINES 1 // needed to inline tolower call. not inlined elsewhere in the repo
#include <cstring>
#include <cctype>
#include <cstring>
#include <string>
#include "JSystem/JKernel/JKRHeap.h"
#include "dusk/string.hpp"
#include "global.h"
JKRFileLoader* JKRFileLoader::sCurrentVolume;
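Review bot: the `<cstring>` include is only moved, not dropped, which is correct since `strcmp` is still called in `fetchVolumeName` below; please confirm that `#define MSL_USE_INLINES 1` still precedes `<cctype>` after the reorder, as the comment on that line says the define is what makes `tolower` inline. The new `#include "dusk/string.hpp"` supplies `SAFE_STRCPY_BOUNDED`; a one-line comment next to it saying so would help readers who land on this file without the commit message.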
@@ -104,7 +105,7 @@ const char* JKRFileLoader::fetchVolumeName(char* buffer, s32 bufferSize, const c
static char rootPath[2] = "/";
if (strcmp(path, "/") == 0) {
strcpy(buffer, rootPath);
SAFE_STRCPY_BOUNDED(buffer, bufferSize, rootPath);
return rootPath;
}
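Review bot: `bufferSize` is an `s32`, so the macro should treat a zero or negative size as an error rather than letting it convert to a large unsigned length; please check that `SAFE_STRCPY_BOUNDED` does this, and document whether a buffer smaller than two bytes (the "/" plus its terminator) crashes, as the "Move crash handling in safe string operations to separate TU" bullet suggests, or truncates. Note also that the function still returns `rootPath` rather than `buffer`, so a caller that ignores the return value and reads `buffer` depends entirely on the copy having succeeded.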